A strong enterprise risk management program that includes a well-rounded knowledge of an organization's risk is essential for managers to successfully communicate strategic risk management efforts to an organization's stakeholders.

Commonly defined as the process of identifying, assessing and managing the risk in the organization's business strategy, SRM is considered a subset of enterprise risk management. SRM is a continual process embedded in the company's strategic decision-making, industry experts say.

While ERM lays the foundation of communicating risks to stakeholders and earning a seat in the boardroom, SRM is the next step in addressing specific risks and their potential rewards, said Frank Fiorille, director of risk management for Paychex Inc., based in Rochester, N.Y.

“The ERM platform is ready now to take that additional risk on,” he said. “There are foundational things there, whether it's the analytics or whether it's the day-to-day operations they're normally doing, that fit in really well for that function to then look out at the strategic risk issues.”

Communicating risk initiatives and demonstrating value of ERM and SRM to stakeholders remains challenging, industry experts say. But, according to Mr. Fiorille, once the value proposition of ERM is endorsed, C-suite executives see the value of having the risk function at the table.

“In my experience, they like it. They see the value and they see what it can do for the business,” Mr. Fiorille said, noting that risk managers with established ERM programs are well-equipped to take on SRM initiatives.

As buy-in comes from the top, senior-level management needs to understand their risk exposures, said Joe Calandro, managing director in PricewaterhouseCoopers L.L.P.'s U.S. insurance advisory division in New York. Gathering information to assign values to various exposures across the organization requires significant time and expertise.

%%BREAK%%

“If you have good exposure data and you understand your gross and net exposures, you can screen a lot of those ambiguous threats away and anchor your analysis to what's going to hit your balance sheet,” Mr. Calandro said. “A chairman of the board and chief executives are going to really want to understand that and be able to manage it and take it in context. So there's going to be questions.”

Organizations that can harness exposure data from across the organization to demonstrate to senior management internal and external risks have the advantage going forward with respect to their internal and external risk environment are going to have the advantage going forward, he said.

Most firms report quarterly to a risk committee that monitors select risks issues. “It starts with that,” Mr. Calandro said.

Hans Læssøe, senior director of strategic risk management for toy manufacturer LEGO Group in Billund, Denmark, said that specifically and knowledgeably addressing risk issues with senior management is crucial when communicating SRM efforts.

“My key point of making the case for SRM is 'the language of business,'” Mr. Læssøe said. “When you explicitly address and prioritize risks and opportunities and know your exposure vs. the risk appetite, you will often find that you can take bigger chances and be more bold than you expect. That is the base for faster growth and higher profits, based on a limited effort,” he said.

Laurie Champion, managing director and practice leader for enterprise risk management at Aon Global Risk Consulting in Atlanta, said it is important to explain how SRM and the corporate strategy are linked to help people understand how the process will work.

“What we're talking about here is making risk an integrated part of the strategy process,” Ms. Champion said. For some clients, “we'll talk about the 'risk component of the strategic planning process'—they put it in those types of words,” she said. “That becomes more accessible to people because it doesn't sound like something different; it sounds like we're making our strategic planning process better.”

%%BREAK%%

Another important consideration is dealing with the reporting and communication around risk, Ms. Champion said.

To the extent an organization can use familiar and existing formats for reports about risk, the easier it is for people to see SRM as a natural extension of the business, she said.

“Those key elements make this much more accessible to people,” Ms. Champion said. “It's easier to see why we're doing what we're doing and why there's value in it.”

At Paychex, Mr. Fiorille's first reaction was to build risk models that were germane to the risk function, which didn't generate much internal interest.

“The way to get the resource investment and buy-in was to build something for people to understand,” Mr. Fiorille said. “We built a model that was more for the operations and sales guys, and it worked very well. That basically set the tone and led the way for us to then build traditional risk models.”

Communicating SRM efforts to stakeholders helps them understand the risks that could impede the company's vision, said Corey Gooch, Chicago-based senior ERM consultant at Towers Watson & Co.

“It is very important to communicate to the stakeholders in a common language with metrics they understand,” Mr. Gooch said. “The use of a more analytical approach, even if it is soft analytics, to put numbers around the risk's size compared to risk appetite” helps stakeholder understanding. “Then, measure the expected return on investment from the mitigation strategies in place for a common metric important to management.”